VulnerableCode Package Details - pkg:npm/froala-editor@2.3.3

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/froala-editor@2.3.3

Essentials
History (5)

purl	pkg:npm/froala-editor@2.3.3

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	3.1

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-3mjr-5k5j-h3ew Aliases: CVE-2020-22864 GHSA-97x5-cc53-cv4v	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') A cross site scripting (XSS) vulnerability in the Insert Video function of Froala WYSIWYG Editor 3.1.0 allows attackers to execute arbitrary web scripts or HTML.	4.0.11 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-9153-xwpf-skgy Aliases: CVE-2024-51434 GHSA-549p-5c7f-c5p4	Froala WYSIWYG editor allows cross-site scripting (XSS) Inconsistent <plaintext> tag parsing allows for XSS in Froala WYSIWYG editor 4.3.0 and earlier.	There are no reported fixed by versions.
VCID-9yss-6cdd-9bge Aliases: CVE-2019-19935 GHSA-h236-g5gh-vq6c	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Froala Editor before 3.2.3 allows XSS.	3.0.6 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.2.3 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-je93-db45-akd3 Aliases: CVE-2021-30109 GHSA-cq6w-w5rj-p9x8	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting (XSS) vulnerability within the hyperlink creation module.	3.2.7 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-pmnu-pk72-qybr Aliases: CVE-2021-28114 GHSA-rr6v-h7m8-wc9f	Cross-site Scripting Froala WYSIWYG Edit is affected by XSS due to a namespace confusion during parsing.	3.2.7 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T05:30:21.897563+00:00	GitLab Importer	Affected by	VCID-9153-xwpf-skgy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/froala-editor/CVE-2024-51434.yml	38.6.0
2026-06-06T01:28:43.070475+00:00	GitLab Importer	Affected by	VCID-9yss-6cdd-9bge	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/froala-editor/CVE-2019-19935.yml	38.6.0
2026-06-06T01:04:19.917336+00:00	GitLab Importer	Affected by	VCID-3mjr-5k5j-h3ew	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/froala-editor/CVE-2020-22864.yml	38.6.0
2026-06-06T01:01:29.897843+00:00	GitLab Importer	Affected by	VCID-je93-db45-akd3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/froala-editor/CVE-2021-30109.yml	38.6.0
2026-06-06T00:48:30.591348+00:00	GitLab Importer	Affected by	VCID-pmnu-pk72-qybr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/froala-editor/CVE-2021-28114.yml	38.6.0